rexecd

Service

rexecd provides remote execution facilities with
authentication based on user names and passwords.
Like any other 7/2008R2/8/2012/10/2016 service, you can use the service
utility to start and stop rexecd.

rexecd listens for service requests at port 512.
When a service request is received, the following protocol is initiated:

The service reads characters from the socket up to a NUL byte.
The resultant string is interpreted as an ASCII number, base 10.

If the number received in step 1 is non-zero,
it is interpreted as the port number of a secondary
stream to be used for stderr.
A second connection is then
created to the specified port on the client's machine.

A NUL terminated user name of at most 256 characters
is retrieved on the initial socket.

A NUL terminated, unencrypted password of at most
256 characters is retrieved on the initial socket.

A NUL terminated command to be passed to a
shell is retrieved on the initial socket.
The length of the command is limited to 8192 bytes.

rexecd then validates the user as is done at login time.
If this fails, the connection is aborted and a diagnostic message is returned.

A NUL byte is returned on the initial socket.

rexecd loads the user's profile and runs the command
specified in the user's home directory.
rexecd first checks to see if the SHELL
environment variable is set and if so, that shell is used to run the command.
If SHELL is not set, rexecd checks the
shell, COMSPEC, and ComSpec
environment variables (in that order) to find the shell to be used.
If none of these environment variables are defined, the command is run using
the cmd.exe command interpreter located in the system
directory.

rexecd defaults to allowing multiple concurrent connections.
To limit rexecd to allowing only one connection at a time,
use rconfig or the rexecd tab of the MKS
Toolkit control panel applet.

Note:

This setting is overridden by the MKS Toolkit license. The normal
MKS Toolkit license limits you to a single concurrent connection.
However, a license for an unlimited number of connections is available
for purchase from MKS.

By default, rexecd writes only errors to the event log.
To have rexecd also write event log entries stating
remote host, local user, and command, use rconfig
or the rexecd tab of the MKS Toolkit control panel applet.

Also, by default, rexecd fails when the local user does not
exist.
You can use rconfig or the rshd tab of the MKS
Toolkit control panel applet to have rexecd attempt to
connect as a domain user when the local user does not exist.

installs and starts the rexecd service.
To start the service without installing it, use the service
command:

service start rexecd

-remove

stops and removes the rexecd service.
To stop the service without removing it, use the service
command:

service stop rexecd

-debug

runs rexecd as a normal program in the current console
for debugging purposes.

To use this option, you require the following privileges:

Replace a process level token (SeAssignPrimaryTokenPrivilege)Increase quotas (SeIncreaseQuotaPrivilege)Act as part of the operating system (SeTcbPrivilege)

If you are lacking any of these privileges, rexecd reports
which are missing.
You can use priv to add these privileges and then log out
and back in.
For example, the following assigns all three privileges required for using
this option:

There is a very brief period of time when rexecd is
establishing a connection with a client that it is unavailable to establish
a new connection with another client. Up to a limited number of connection
attempts from other clients are buffered until rexecd is free
to service one of them. Additional connection attempts beyond that limit fail.
An error results from the client indicating that it was unable to find the
rexecd service. In real world usage, this limitation is
unlikely to be encountered.
This limit is operating system dependent.

The rexecd service runs programs in the home directory of
the user that the client connects as. The home directory is the value of the
HOME environment variable for that user. By default,
this variable is set to %HOMEDRIVE%%HOMEPATH%.
However, the HOMEDRIVE and HOMEPATH
environment variables are only available to interactive applications and,
thus, not available to services.
If the value of HOME for the user that the client is
connecting as is set to the default or is defined using the
HOMEDRIVE or HOMEPATH environment variables,
rexecd cannot use HOME to
identify the user's home directory. In such a case, rexecd
uses a reasonable default as the home directory.
For this reason, it is recommended that the HOME environment
variable be explicitly set (without using HOMEDRIVE
or HOMEPATH) for each user that rexecd
can be run as.
For instructions on setting and viewing environment variables, see your
Operating System's online help.